Tagged Questions

Cipher block chaining (CBC) is a method for encrypting large amounts of data with a block cipher that can only encrypt fixed length plaintexts. When used with an unpredictable initialization vector (IV), it is secure against chosen plaintext attacks (CPA-secure).

I have a need to encrypt credentials for a third-party app used by a secured internal app. Over on ITSec.SE, I was helpfully shown a scheme to encrypt the third-party credentials based on a hash of ...

Given a message $M$ and a cryptographic hash function $H$, let $f(M) = E_K(M || H(M))$ where $E_K$ is AES-128-CBC encryption with PKCS#5 padding. Take $H = \textrm{SHA-256}$ if it matters. In other ...

I'm trying to figure out when an Initialization Vector (IV) should be used.
There are anecdotal reports that WEP was broken because of weak IVs. It's also claimed that if two pieces of plaintext are ...

I need to store several million Payment Card Numbers (PCNs) securely in a mainframe database (that is, 'at rest'). I assume that any attacker will have access to all of the stored data.
I assume the ...

In my cryptography class, the instructor suggested that in order to give the attacker a minimal advantage of $1/2^{32}$, we have to change the key after $2^{48}$ blocks are encrypted.
It seems that ...

Why is it necessary to use a sufficiently long block size when implementing a CBC block cipher with a truly random initialization vector? In ECB mode it's easy to get information about the message if ...

A "practical attack against XML's cipher block chaining (CBC) mode" has been demonstrated:
XML Encryption Flaw Leaves Web Services Vulnerable.
Does this weakness of CBC-mode which is used here also ...

SSL 3.0 and TLS 1.0 used an insecure scheme to generate implicit IVs when encrypting records in CBC mode: they used the last part of the previous record, a value that can be predicted by the attacker. ...

I'm trying to understand the SSL Poodle Attack and I'm wondering why the last block of a CBC Record can be full of padding? Wouldn't that mean that the useful data was already a multiple of the key ...

I'm currently working with a secure transport protocol that defines the IV to be a counter (incremental nonce) to be encrypted with the same key. This is a followup to a protocol that did not provide ...